sphalerite changed the topic of #nixos-dev to: NixOS Development (#nixos for questions) | NixOS 19.03 released! https://discourse.nixos.org/t/nixos-19-03-release/2652 | https://hydra.nixos.org/jobset/nixos/trunk-combined https://channels.nix.gsc.io/graph.html https://r13y.com | 19.03 RMs: samueldr,sphalerite | https://logs.nix.samueldr.com/nixos-dev
Guanin has quit [Remote host closed the connection]
rsa has quit [Ping timeout: 248 seconds]
drakonis_ has quit [Ping timeout: 244 seconds]
rsa has joined #nixos-dev
johnny101m has joined #nixos-dev
jtojnar has quit [Read error: Connection reset by peer]
jtojnar has joined #nixos-dev
jtojnar has quit [Read error: Connection reset by peer]
orivej has quit [Ping timeout: 246 seconds]
NinjaTrappeur has quit [Ping timeout: 264 seconds]
NinjaTrappeur has joined #nixos-dev
drakonis has joined #nixos-dev
drakonis has quit [Quit: WeeChat 2.5]
orivej has joined #nixos-dev
rsa has quit [Ping timeout: 258 seconds]
pie_ has quit [Ping timeout: 252 seconds]
<domenkozar[m]> has anyone managed to get newer Nix + darwin working on travis?
orivej has quit [Ping timeout: 246 seconds]
ixxie has joined #nixos-dev
pie_ has joined #nixos-dev
orivej has joined #nixos-dev
<zimbatm> worldofpeace: are you really talking about yourself in the third person :p
<zimbatm> I would have to kick somebody out, we only have a limited number of admins available on the free instance
<averell> make a script to rotate by available timezones ;)
<tilpner> D: averell--
johnny101m2 has joined #nixos-dev
johnny101m has quit [Read error: Connection reset by peer]
johnny101m has joined #nixos-dev
johnny101m2 has quit [Ping timeout: 250 seconds]
<tilpner> das_j, ajs124: Did you give it a try?
marek has quit [Ping timeout: 272 seconds]
marek has joined #nixos-dev
<tilpner> \o/
<tilpner> IFD-less AA profiles
<gchristensen> oh?
<tilpner> https://github.com/tilpner/nur-packages/blob/master/pkgs/mkApparmorProfile.nix only worked with IFD, until a few minutes ago
<tilpner> Now I can try to generate and enforce a few profiles, and improve that wrapper
<gchristensen> ooo
<gchristensen> I was dreaming last night about systemd services only having access to the program's closure by default
<tilpner> That sounds familiar
<tilpner> Don't we already have that?
<gchristensen> no
<gchristensen> not that I know of :)
<tilpner> systemd.services.<name>.confinement.fullUnit
<tilpner> Not fullUnit specifically, the whole confinement attrset
<tilpner> systemd.services.<name>.confinement.enable
<tilpner> If set, all the required runtime store paths for this service are bind-mounted into a tmpfs-based chroot(2).
<gchristensen> hot dog
<gchristensen> I love this
<gchristensen> aszlig. of course it is aszlig!
<tilpner> aszlig++
<{^_^}> aszlig's karma got increased to -666
<tilpner> gchristensen: Now you just have to default confinement.enable = true and tell us if it still boots :)
<gchristensen> sure
<gchristensen> and probably enable fullUnit by default
<tilpner> Yeah. I still wouldn't expect that to work as a default
<gchristensen> I will try it
<tilpner> But it might still be feasible to enable confinement for more services by default
orivej has quit [Ping timeout: 248 seconds]
__monty__ has joined #nixos-dev
<worldofpeace> zimbatm: I frequently talk about myself in third person :D I call it the observer self
marek has joined #nixos-dev
marek has quit [Changing host]
<samueldr> worldofpeace, zimbatm, while it's not admin, a bunch of rights are given with that badge https://discourse.nixos.org/badges/4/leader
<samueldr> oh, I thought
<samueldr> that "Leader" too was automated, but looks like it's given https://blog.discourse.org/2018/06/understanding-discourse-trust-levels/
<ivan> https://github.com/NixOS/nixpkgs/pull/64054 can probably be merged
<{^_^}> #64054 (by ivan, 6 weeks ago, open): snscrape: 0.2.0 -> 0.3.0
<gchristensen> "by: package maintainer" can't disagree :)
<ivan> thanks
<worldofpeace> sounds about right samueldr
<ivan> https://github.com/NixOS/nixpkgs/pull/63539 can probably be merged too
<{^_^}> #63539 (by ivan, 8 weeks ago, open): usbguard-nox: init at 0.7.4
<ivan> I tested it, maintainer untested but ok'ed
<ivan> https://github.com/NixOS/nixpkgs/pull/52828 also approved by maintainer
<{^_^}> #52828 (by ivan, 33 weeks ago, open): pyflame: fix the build on machines with kernel.yama.ptrace_scope > 0
orivej has joined #nixos-dev
johnny101m has quit [Remote host closed the connection]
orivej has quit [Ping timeout: 245 seconds]
orivej has joined #nixos-dev
ixxie has quit [Ping timeout: 246 seconds]
orivej has quit [Ping timeout: 248 seconds]
ixxie has joined #nixos-dev
Jackneill has quit [Remote host closed the connection]
Guanin has joined #nixos-dev
<tilpner> das_j, ajs124: I've pushed the IFD-less version, seems to work so far, but the wrapper will be expanded when necessary: https://github.com/tilpner/nur-packages/tree/master/pkgs/mkApparmorProfile
<ajs124> tilpner: nice! We're both kind of away from computers. I looked at your initial implementation and hacked around on my own, but I'll definitely look at the IFD-less version as soon as I have time and a computer.
psyanticy has joined #nixos-dev
ryantm has quit [Ping timeout: 244 seconds]
<samueldr> the main idea being that we would pre-empt the need to add more release artifacts
<samueldr> not even caring about plasma5, but (as stated in a previous comment) the aarch64 images would be a contender for a release
<samueldr> (there's the sd_image, and the iso images, both cannot be combined in a useful manner AFAIK)
<samueldr> [from #nixos-officehours ...] we can shed a bunch of bytes by removing the compiler closure
stew has joined #nixos-dev
<samueldr> which might be needed in the future for sd_image since sd_image is not squashfs'd
<gchristensen> stew: as in s2w?
<samueldr> though sd_image could likely be squashfs'd in some roundabout way
<stew> gchristensen: yes, hi there ;)
<averell> regarding jigdo, how about a build your own iso wizard (maybe with a script result, not the actual image)? of course testing becomes impossible, but as an extra link, that would be pretty cool.
<averell> of course it's a lot of setup work, maybe.
<worldofpeace> niksnut: https://github.com/NixOS/nixpkgs/pull/66640#issuecomment-522131320 That's something that happens purely with the hydra setup?
pie_ has quit [Ping timeout: 252 seconds]
orivej has joined #nixos-dev
<samueldr> for the isos not to block the channel advances, they'd need to be removed from the tested set
orivej has quit [Ping timeout: 246 seconds]
ixxie has quit [Ping timeout: 248 seconds]
__monty__ has quit [Quit: leaving]
psyanticy has quit [Quit: Connection closed for inactivity]
tazjin has joined #nixos-dev